03.CREATE USER

CONTROLLER NODE

// Create admin user across all servers
root@oco:~$ useradd -s /bin/bash -m -d /home/ansible-admin ansible-admin
root@oco:~$ cat /etc/passwd | grep ansible-admin

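//provide root access for ansible-admin on all servers (prefer `visudo` over a plain editor: it syntax-checks /etc/sudoers before saving, and a typo in this file can break sudo)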
root@oco:~$ nano /etc/sudoers
 ## Allow root to run any commands anywhere
 ansible-admin ALL=(ALL) NOPASSWD: ALL
root@oco:~$ sudo cat /etc/sudoers | grep ansible-admin

/***** OPTIONAL BUT PREFERRED *****/

//Create a separate login user that is allowed to switch to the ansible-admin user (PREFERRED/OPTIONAL)
root@oco:~$ useradd -s /bin/bash -m -d /home/ansible-user ansible-user
root@oco:~$ passwd ansible-user
 (passwd takes the user name as its argument; enter {arbitraryPassword} at the prompt)
root@oco:~$ nano /etc/sudoers
 ## Allow root to run any commands anywhere
 root ALL=(ALL) ALL
 ansible-admin ALL=(ALL) NOPASSWD: ALL
 ansible-user ALL=(ALL) NOPASSWD: ALL
 
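//enable SSH password authentication (key-based login is the safer default; enabling passwords exposes sshd to password guessing, so use a strong password and limit which hosts can reach the port)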
root@oco:~$ nano /etc/ssh/sshd_config
 # To disable tunneled clear text passwords, change to no here!
 PasswordAuthentication yes
root@oco:~$ systemctl restart sshd

root@managementPC:~$ sudo su - ansible-admin
root@managementPC:~$ cd /home/ansible-admin/project
root@managementPC:~$ pwd
 /home/ansible-admin/project
 ...

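 * the ansible-admin account is the account used to control all the managed
   nodes along with the controller node.
    - it is best to create a separate account that is allowed to switch to
      the ansible-admin user account, for logging and tracking purposes
    - note: the `ansible-user ALL=(ALL) NOPASSWD: ALL` sudoers entry above gives that
      separate account full passwordless root, not just the ability to switch to ansible-admin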
    
/***** OPTIONAL BUT PREFERRED *****/

MANAGED NODES

LINUX

root@managedNode:~$ useradd -s /bin/bash -m -d /home/ansible-admin ansible-admin
root@managedNode:~$ cat /etc/passwd | grep ansible-admin
root@managedNode:~$ nano /etc/sudoers
 ## Allow root to run any commands anywhere
 ansible-admin ALL=(ALL) NOPASSWD: ALL
 

WINDOWS

//
PS C:\managedNode1:~$ $Password = Read-Host -AsSecureString "Enter Password"
PS C:\managedNode1:~$ New-LocalUser -Name "ansible-admin" -Password $Password
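 *  ALT: New-LocalUser -Name "ansible-admin" -NoPassword -Description "Managed node SSH user" -FullName "ansible admin"
    (-NoPassword creates the account without a password; set one before adding the account to Administrators)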
 
//add to administrators group
PS C:\managedNode1:~$ Add-LocalGroupMember -Group "Administrators" -Member "ansible-admin"
